krypted.com

Tiny Deathstars of Foulness

High Sierra sees the Caching service moved out of macOS Server and into the client macOS. This means administrators no longer need to run the Server app on caching servers. Given the fact that the Caching service only stores volatile data easily recreated by caching updates again, there’s no need to back the service up, and it doesn’t interact with users or groups, so it’s easily divested from the rest of the Server services.

And the setup of the Caching service has never been easier. To do so, first open System Preferences and click on the Sharing System Preferences pane.

From here, click on the checkbox for Content Caching to start the service.

At the Content Caching panel, the service will say “Content Caching: On” once it’s running. Here, you can disable the “Cache iCloud content” option, which will disable the caching of user data supplied for iCloud (everything in here is encrypted, by the way). You can also choose to share the Internet Connection, which will create a wireless network that iOS devices can join to pull content. 

Click Options. Here, you can see how much storage is being used and limit the amount used. 

defaults read /Library/Preferences/com.apple.AssetCache.plist

Which returns the following configurable options:

Activated = 1;
CacheLimit = 0; DataPath = “/Library/Application Support/Apple/AssetCache/Data”; LastConfigData = <BIGLONGCRAZYSTRING>; LastConfigURL = “http://suconfig.apple.com/resource/registration/v1/config.plist”; LastPort = 56452; LastRegOrFlush = “2017-09-11 16:32:56 +0000”; LocalSubnetsOnly = 1; PeerLocalSubnetsOnly = 1; Port = 0; Region = 263755EFEF1C5DA178E82754D20D47B6; ReservedVolumeSpace = 2000000000; SavedCacheDetails = {
SavedCacheSize = 0;
ServerGUID = “EB531594-B51E-4F6A-80B9-35081B924629”;
Version = 1;}

This means that all those settings that you used to see in the GUI are still there, you just access them via the command line, by sending defaults commands. For example, 

defaults write /Library/Preferences/com.apple.AssetCache.plist CacheLimit -int 20000000000

You can

AssetCacheManagerUtil status

Which returns something similar to the following:

2017-09-11 11:49:37.427 AssetCacheManagerUtil[23957:564981] Built-in caching server status: {
Activated = 1;
Active = 1;
CacheDetails = {
iCloud = 4958643;
“iOS Software” = 936182434;};
CacheFree = 472585174016;
CacheLimit = 0;
CacheStatus = OK;
CacheUsed = 941141077;
Parents = ();
Peers = ();
PersonalCacheFree = 472585174016;
PersonalCacheLimit = 0;
PersonalCacheUsed = 4958643;
Port = 56452;
PrivateAddresses = (“192.168.104.196”);
PublicAddress = “38.126.164.226”;
RegistrationStatus = 1;
RestrictedMedia = 0;
ServerGUID = “EB531594-B51E-4F6A-80B9-35081B924629”;
StartupStatus = OK;
TotalBytesDropped = 0;
TotalBytesImported = 4958643;
TotalBytesReturnedToChildren = 0;
TotalBytesReturnedToClients = 166627405;
TotalBytesReturnedToPeers = 0;
TotalBytesStoredFromOrigin = 166627405;
TotalBytesStoredFromParents = 0;
TotalBytesStoredFromPeers = 0;

You can also use AssetCacheManagerUtil to manage tasks previously built into the Server app. To see the available options, simply run the command:

bash-3.2# /usr/bin/AssetCacheManagerUtil

Which would show the following:

Options are:
-a|–all show all events
-j|–json print results in JSON
-l|–linger don’t exit
2017-09-11 11:57:30.066 AssetCacheManagerUtil[24213:569932] Commands are:
activate
deactivate
isActivated
canActivate
flushCache
flushPersonalCache
flushSharedCache
status
settings
reloadSettings
moveCacheTo path
absorbCacheFrom path read-only|and-destroy

As such, to enable the server:

bash-3.2# /usr/bin/AssetCacheManagerUtil activate 

To disable the server

bash-3.2# /usr/bin/AssetCacheManagerUtil deactivate

To check if the server can be activated

bash-3.2# /usr/bin/AssetCacheManagerUtil canActivate

To flush the cache of assets on the server:

bash-3.2# /usr/bin/AssetCacheManagerUtil flushCache 

To reload settings if you make any changes:

bash-3.2# /usr/bin/AssetCacheManagerUtil reloadSettings

To move the database

/usr/bin/AssetCacheManagerUtil moveCacheTo "/Volumes/SONY/Library/Application Support/Apple/AssetCache/Data"

Finally, if you’d like to see the caching server your client system is using, you can run the following command:

/usr/bin/AssetCacheLocatorUtil 2>&1 | grep guid | awk '{print$4}' | sed 's/^\(.*\):.*$/\1/' | uniq

And if you use Jamf Pro and would like to use this as an extension attribute, that’s posted here: https://github.com/krypted/cachecheck. I didn’t do any of the if/then there, as I’d usually just do that on the JSS.

Note: To see how AssetCache interacts with Tetherator, see Tethered Caching of iOS Assets from macOS 10.12.4.

September 28th, 2017

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , ,

macOS Server 5.4 running on High Sierra can have problems with Open Directory. Sometimes, you just need to reset your directory service. You can demote and restore the server if needed. But buyer beware, you may end up screwing things up while the directory server is being demoted and you’re restoring a backup. Or if you haven’t built out the directory server, you may end up just demoting the server and starting over. In this article, we’ll look at demoting the server.

Note: If you demote the service, and you don’t have a replica, you will destroy all users and groups.

To get started demoting the Open Directory master, first open the Server app and click on Open Directory.


From the Open Directory screen, click on the minus button in the Servers section. When prompted to Delete the directory service, click on the Delete button.


You’ll then see that the server is demoting.


Once the process is complete, you’ll be able to setup a new directory server, back at the initial Open Directory screen. The process takes awhile, so be patient.


Note: This process can fail on Open Directory replicas. Make sure you can ssh into the master from the replica, and that you can access all required slurpd services.

September 28th, 2017

Posted In: Mac OS X Server

Tags: , , , , , ,

macOS Server 5.4, running on High Sierra, comes complete with lots of awesome features. And these features are made easier with some documentation to help you get up and running, started and owning the configuration of Apple Servers. One such is the built-in options to help manage your servers. Open Server, click Help, then click Server Help. You can then search and browse for information about things you’d like to accomplish using the Help Center.



Now, click the arrow for each service for information about configuring that service. And just like that, simple and easy-to-use documentation, available live on macOS Server, guiding you to accessing the features you need. You will need to be online to use it effectively, as this information is updated using official help documentation.

September 28th, 2017

Posted In: Mac OS X Server

Tags: , , ,

In past versions of this guide, I covered Time Machine Server. Here, we’re going to look at backing up the settings of a macOS Server using Bender. To do so, we’re going to install a little app called Bender from the great folks at Robot Cloud. You can download that from http://robotcloud.screenstepslive.com/s/2459/m/5322/l/94467-bender-automated-backup-of-os-x-server-settings.
Screen Shot 2015-09-24 at 10.51.00 PM
Once downloaded, run the package installer.
Screen Shot 2015-09-24 at 10.49.32 PM
At the Welcome to Bender screen, click Continue.
Screen Shot 2015-09-24 at 10.52.03 PM
Agree to the licensing agreement by clicking the Continue button. Screen Shot 2015-09-24 at 10.52.22 PM
Click Agree again (assuming of course that you agree to the license). Screen Shot 2015-09-24 at 10.52.57 PM
Choose who you wish to install the software for and click Continue. Screen Shot 2015-09-24 at 10.53.52 PM
I’d go ahead and install Bender at the default location, so click Install. Once the installer is complete, you can view the installed LaunchDaemon at /Library/LaunchDaemons/net.robotcloud.bender.plist. Note that it calls the /usr/local/robotcloud/bin/bender binary when run at 22:00 every day. If you edit this file, the following settings are available:

host=$(hostname) macOS=$(sw_vers | awk ‘/ProductVersion/{print substr($2,1,5)}’ | tr -d “.”) macSN=$(system_profiler SPHardwareDataType | awk ‘/Serial Number/{print $4}’) date=$(date +%Y-%m-%d-%H%M) pass=$(system_profiler SPHardwareDataType | awk ‘/Hardware UUID/{print $3}’) logPath=”/usr/local/robotcloud/logs/bender.log” pipPath=”/usr/local/robotcloud/bin/scroobiuspip” pipTitle=”Bender Backup Error on: $macSN” backupDestination=”/Backups/$date” keepUntil=”14″ version=”2.3″ versionCheck=”$1″

The most important of these is the backupDestination. You can set this to be the /Backups folder as it is above, or set it to be an external drive. Either should be backed up using your standard backup software.

September 28th, 2017

Posted In: Mac OS X Server

Tags: , , , , ,

In order to use the Apple Volume Purchase Program (VPP), you will need an MDM solution (Profile Manager, Jamf Pro, MobileIron, Meraki, FileWave, etc). The same program is used for device-based VPP or user-based VPP. There are two programs, which is meant to simplify the experience of setting up an MDM solution and long-term maintenance. The first is the traditional VPP account, available to companies and other non-educational environments that have a DUNS number. The second is the newer Apple School Manager, for educational institutions.

Before starting to buy apps and associating those apps from an MDM solution, there are a few things you should know. The first is that your organization can have multiple VPP tokens or Apple School Manager tokens, and you can hierarchically manage apps this way. The second is that each token should only be installed on one MDM solution or server (if you have multiple instances of the same solution). Therefore, if you’re going to have multiple servers or solutions for managing apps, keep in mind to buy apps for groups based on the VPP account that will be associated with devices for each solution. Also, note that the traditional deployment mechanism of VPP is user, or Apple ID-based VPP apps. Here, you associate an Apple ID to a VPP account from an MDM and then the administrator sends apps to devices based via the MDM solution. And this is still an option.

In 10.11 and up, we got device-based VPP. Here, you can send apps to devices even if they don’t have Apple IDs associated to the device, and you can send apps automatically, meaning they will not require user interaction. This makes VPP multi-tenant and great for school labs, or shared-use Macs and iOS devices. But this article isn’t about the fine print details of the new VPP. Instead, this article is about making Profile Manager work with your new VPP token. Before you get started, know that when you install your vpptoken, if it’s in use by another MDM, Profile Manager will unlicensed all apps with your other MDM. To get started, log into your VPP account. Once logged in, click on your account email address and then select Account Summary.
vpp1

Then, click on the Download Token link and your token will be downloaded to your ~/Downloads (or wherever you download stuff).

vpp2
Once you have your token, open the Server app and click on the Profile Manager service.

 

Click on the checkbox for Volume Purchase Program.

 

At the VPP Managed Distribution screen, drag the .vpptoken file downloaded earlier into the screen. Then click on Continue. The VPP code email address will appear in the screen. Click Done. Back at the profile manager screen, you should then see that the checkbox is filled and you can now setup Profile Manager. The rest of the configuration of Profile Manager is covered in a previous article. Note: The account used to configure the VPP information is not tracked in any serveradmin settings.

September 28th, 2017

Posted In: Mac OS X, Mac OS X Server, Mass Deployment

Tags: , , , ,

There are a couple of ways to create groups in macOS Server 5.4, running on High Sierra. The first is using the Server app, the second is using the Users & Groups System Preference pane and the third is using the command line. In this article we will look at creating groups in the directory service with the Server app.

Once a server has been an Open Directory Master all user and group accounts created will be in the Local Network Group when created in Server app. Before that, all user and group objects are stored locally when created in Server app. Once promoted to an Open Directory server, groups are created in the Open Directory database or if you select it from the directory domain drop-down list, locally. Groups can also be created in both locations, using a command line tool appropriate for group management.

To create a new group, open the Server app and then click on Groups in the ACCOUNTS list of the Server app sidebar. From here, you can switch between the various directory domains accessible to the server using the drop-down list available. Click on the plus sign to create a local network group.
At the New Group screen, provide a name for the group in the Full Name field. This can have spaces. Then create a short name for the group in the Group Name field. This should not have spaces.
Click Done when you have supplied the appropriate information and the group is created. Once done, double-click on the group to see more options.
Here, use the plus sign (“+”) to add members to the group or highlight members and use the minus sign (“-“) to remove users from the group. You can also choose to use the following options:
  • Mailing Lists: Lists that are connected to the group.
  • Members: The users that are part of the group
  • Give this group a shared folder: Creates a shared directory for the group, or a group with an ACL that grants all group members access.
  • Make group members Messages buddies: Adds each group member to each other group members buddy list in the Messages client.
  • Enable group mailing list: Enables a list using the short name of the group where all members receive emails to that address.
  • Create Group Wiki: Opens the Wiki interface for creating a wiki for the group.
  • Keywords: Keywords/tags to help locate users.
  • Notes: Notes about users.
Once changes have been made, click Done to commit the changes.

September 28th, 2017

Posted In: Mac OS X Server

Tags: , , , , , , , ,

By default, macOS now updates apps that are distributed through the Mac App Store (MAS). Server running on macOS High Sierra is really just the Server app, sitting on the App Store, installed on a standard Mac. If the Server app is upgraded automatically, you will potentially experience some adverse side effects, especially if the app is running on a Metadata Controller for Xsan, runs Open Directory, or a major release of the Server app ships. Additionally, if you are prompted to install a beta version on a production system, you could end up with issues. Therefore, in this article we’re going to disable these otherwise sweet features of macOS.

To get started, first open the System Preferences. From there, click on the App Store System Preference pane.



From the App Store System Preference pane, uncheck the following boxes:
  • Automatically Check For Updates: Unchecking this box disables the download in the background option and the installation of app updates.
  • Automatically Download Apps Purchased on Other Macs: If you buy an upgrade, you could accidentally install that upgrade on production servers you don’t intend to install the upgrade on.
Once disabled, you’ll need to keep on top of updates in the App Store manually. My recommendation is still to create an image of your server before each update. If you see the field, click Change for “Your computer is set to receive beta software updates” and then click Do Not Receive Beta Software Releases.

 

You can also set these from the command line. To disable automatic app store updates:

defaults write /Library/Preferences/com.apple.commerce AutoUpdate -bool FALSE

To disable automatic macOS updates:

defaults write /Library/Preferences/com.apple.commerce AutoUpdateRestartRequired -bool FALSE

And to disable automatic Software Update update checks:

defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool FALSE

Overall, be careful with automatic updates. I like leaving checking enabled so when I sit down at the console of a server I get prompted to update; however, I don’t want servers updating and restarting unless I tell them to, after I’ve performed a comprehensive regression test on the updates.

September 27th, 2017

Posted In: Mac OS X, Mac OS X Server

Tags: , ,

macOS Server 5.4, running on High Sierra, comes with a number of alerts that can be sent to administrators via servermgrd and configured since the 5th version of the Server app. To configure alerts on the server, open the Server app and then click on Alerts in the Server app sidebar.



Next, click on the Delivery tab.

 

At the Delivery screen, click on the Edit button for Email Addresses and enter every email address that should receive alerts sent from the server. Then click on the Edit button for Push Notifications. Here, check the box for each administrator of the server. The email address on file for the user then receives push notifications of events from the server.


 

Then, check the boxes for Email and Push for each of the alerts you want to receive (you don’t have to check both for each entry). Alerts have changed in macOS Server, they are no longer based on the SMART status of drives or capacity; instead Delivery is now based on service settings.

September 27th, 2017

Posted In: Mac OS X Server

Tags: , , , ,

Web Services in macOS Server, Linux and most versions of Unix are provided by Apache, an Open Source project that much of the Internet owes its origins to. Apache owes its name to the fact that it’s “a patchy” service. These patches are often mods, or modules. Configuring web services is as easy in macOS Server 5.4, running on High Sierra (10.13), as it has ever been.

To set up the default web portal, simply open the Server app, click on the Websites service and click on the ON button.

After a time, the service will start. Once running, click on the View Server Website link at the bottom of the pane.

Provided the stock macOS Server page loads, you are ready to use macOS Server as a web server.



Before we setup custom sites, there are a few things you should know. The first is, the server is no longer really designed to remove the default website. So if you remove the site, your server will exhibit inconsistent behavior. Also, don’t remove the files that comprise the default site. Instead just add sites, which is covered next. Webmail is gone. You don’t have to spend a ton of time looking for it as it isn’t there. Also, Mountain Lion Server added web apps, which we’ll briefly review later in this article as well, as those continue in Mavericks Server, Yosemite Server, El Capitan Server and ultimately macOS Server 5.2 for Sierra and macOS Server 5.4 for High Sierra.  Finally, enabling PHP and Python on sites is done globally, so this setting applies to all sites hosted on the server.



Now that we’ve got that out of the way, let’s add our first custom site. Do so by clicking on the plus sign. At the New Web Site pane, you’ll be prompted for a number of options. The most important is the name of the site, with other options including the following:
  • Domain Name: The name the site is accessible from. The default sites do not have this option as they are accessible from all names that resolve to the server.
  • IP Address: The IP address the site listens on. Any means the site is available from every IP address the server is configured to use. The default websites do not have this option as they are accessible from all addresses automatically
  • Port: By default, sites without SSL run on port 80 on all network interfaces, and sites with SSL run on port 443 on all network interfaces. Use the Port field to use custom ports (e.g., 8080). The default sites do not have this option as they are configured to use 80 and 443 for default and SSL-based communications respectively.
  • SSL Certificate: Loads a list of SSL certificates installed using Keychain or the SSL Certificate option in the Settings pane of the Server application
  • Store Site Files In: The directory that the files that comprise the website are stored in. These can be placed into the correct directory using file shares or copying using the Finder. Click on the drop-down menu and then select Other to browse to the directory files are stored in.
  • Who Can Access: By default Anyone (all users, including unauthenticated guests) can access the contents of sites. Clicking on Anyone and then Customize… brings up the “Restrict access to the following folders to a chosen group” screen, where you can choose web directories and then define groups of users who can access the contents.
  • Additional Domains: Click on the Edit… button to bring up a simple list of domain names the the site also responds for (e.g. in addition to krypted.com, add www.krypted.com).
  • Redirects: Click on the Edit… button to bring up a list of redirects within the site. This allows configuring redirects to other sites. For example, use /en to load english.krypted.com or /cn to load china.krypted.com).
  • Aliases: Click on the Edit… button to load a list of aliases. This allows configuring redirects to folders within the same server. For example, /en loads /Library/Server/Web/Data/Sites/Default
  • Index Files: Click on the Edit… button to bring up a list of pages that are loaded when a page isn’t directly indicated. For example, when visiting krypted.com, load the wp.php page by default.
  • Advanced Options: The remaining options are available by clicking on the “Edit Advanced Settings…” button.

The Advanced Option include the following:
  • Enable Server Side Includes: Allows administrators to configure leveraging includes in web files, so that pieces of code can be used across multiple pages in sites.
  • Allow overrides using .htaccess files: Using a .htaccess file allows administrators to define who is able to access a given directory, defining custom user names and passwords in the hidden .htaccess file. These aren’t usually required in an OS X Server web environment as local and directory-based accounts can be used for such operations. This setting enables using custom .htaccess files instead of relying on Apple’s stock web permissions.
  • Allow folder listing: Enables folder listings on directories of a site that don’t have an Index File (described in the non-Advanced settings earlier).
  • Allow CGI execution: Enables CGI scripts for the domain being configured.
  • Use custom error page: Allows administrators to define custom error pages, such as those annoying 404 error pages that load when a page can’t be found
  • Make these web apps available on this website: A somewhat advanced setting, loads items into the webapps array, which can be viewed using the following command:  sudo serveradmin settings web:definedWebApps
Once you’ve configured all the appropriate options, click on Done to save your changes. The site should then load. Sites are then listed in the list of Websites.

The Apache service is most easily managed from the Server app, but there are too many options in Apache to really be able to put into a holistic graphical interface. The easiest way to manage the Websites service in OS X Yosemite Server is using the serveradmin command. Apache administrators from other platforms will be tempted to use the apachectl command to restart the Websites service. Instead, use the serveradmin command to do so. To start the service:

sudo serveradmin start web

To stop the service(s):

sudo serveradmin stop web

And to see the status:

sudo serveradmin fullstatus web

Fullstatus returns the following information:
web:health = _empty_dictionary
web:readWriteSettingsVersion = 1
web:apacheVersion = “2.4”
web:servicePortsRestrictionInfo = _empty_array
web:startedTime = “2017-08-26 02:38:57 +0000”
web:apacheState = “RUNNING”
web:statusMessage = “”
web:ApacheMode = 2
web:servicePortsAreRestricted = “NO”
web:state = “RUNNING”
web:setStateVersion = 1

While the health option typically resembles kiosk computers in the Computer Science departments of most major universities, much of the rest of the output can be pretty helpful including the Apache version, whether the service is running, any restrictions on ports and the date/time stamp that the service was started.

To see all of the settings available to the serveradmin command, run it, followed by settings and then web, to indicate the Websites service:

sudo serveradmin settings web

The output is pretty verbose and can be considered in two sections, the first includes global settings across sites as well as the information for the default sites that should not be deleted:
web:defaultSite:documentRoot = “/Library/Server/Web/Data/Sites/Default”
web:defaultSite:serverName = “”
web:defaultSite:realms = _empty_dictionary
web:defaultSite:redirects = _empty_array
web:defaultSite:enableServerSideIncludes = no
web:defaultSite:networkAccesses = _empty_array
web:defaultSite:customLogPath = “&quot;/var/log/apache2/access_log&quot;”
web:defaultSite:webApps = _empty_array
web:defaultSite:sslCertificateIdentifier = “”
web:defaultSite:fullSiteRedirectToOtherSite = “https://%{SERVER_NAME}”
web:defaultSite:allowFolderListing = no
web:defaultSite:serverAliases = _empty_array
web:defaultSite:errorLogPath = “&quot;/var/log/apache2/error_log&quot;”
web:defaultSite:fileName = “/Library/Server/Web/Config/apache2/sites/0000_127.0.0.1_34580_.conf”
web:defaultSite:aliases = _empty_array
web:defaultSite:directoryIndexes:_array_index:0 = “index.html”
web:defaultSite:directoryIndexes:_array_index:1 = “index.php”
web:defaultSite:directoryIndexes:_array_index:2 = “default.html”
web:defaultSite:allowAllOverrides = no
web:defaultSite:identifier = “67127006”
web:defaultSite:port = 34580
web:defaultSite:allowCGIExecution = no
web:defaultSite:serverAddress = “127.0.0.1”
web:defaultSite:requiresSSL = no
web:defaultSite:proxies = _empty_dictionary
web:defaultSite:errorDocuments = _empty_dictionary
The second section is per-site settings, with an array entry for each site:
web:customSites:_array_index:0:documentRoot =
“/Library/Server/Web/Data/Sites/blog.krypted.com” web:customSites:_array_index:0:serverName = “blog.krypted.com”
web:customSites:_array_index:0:realms = _empty_dictionary
web:customSites:_array_index:0:redirects = _empty_array
web:customSites:_array_index:0:enableServerSideIncludes = no
web:customSites:_array_index:0:networkAccesses = _empty_array
web:customSites:_array_index:0:customLogPath = “/var/log/apache2/access_log”
web:customSites:_array_index:0:webApps = _empty_array
web:customSites:_array_index:0:sslCertificateIdentifier = “”
web:customSites:_array_index:0:fullSiteRedirectToOtherSite = “”
web:customSites:_array_index:0:allowFolderListing = no
web:customSites:_array_index:0:serverAliases = _empty_array
web:customSites:_array_index:0:errorLogPath = “/var/log/apache2/error_log”
web:customSites:_array_index:0:fileName = “/Library/Server/Web/Config/apache2/sites/0000_127.0.0.1_34580_blog.krypted.com.conf”
web:customSites:_array_index:0:aliases = _empty_array
web:customSites:_array_index:0:directoryIndexes:_array_index:0 = “index.html”
web:customSites:_array_index:0:directoryIndexes:_array_index:1 = “index.php”
web:customSites:_array_index:0:directoryIndexes:_array_index:2 = “default.html”
web:customSites:_array_index:0:allowAllOverrides = no
web:customSites:_array_index:0:identifier = “67127002”
web:customSites:_array_index:0:port = 34580
web:customSites:_array_index:0:allowCGIExecution = no
web:customSites:_array_index:0:serverAddress = “127.0.0.1”
web:customSites:_array_index:0:requiresSSL = no
web:customSites:_array_index:0:proxies = _empty_dictionary
web:customSites:_array_index:0:errorDocuments = _empty_dictionary
web:dataLocation = “/Library/Server/Web/Data”
The next section (the largest by far) includes array entries for each defined web app. The following shows the entry for a Hello World Python app
web:definedWebApps:_array_index:0:requiredWebAppNames = _empty_array
web:definedWebApps:_array_index:0:includeFiles:_array_index:0 = “/Library/Server/Web/Config/apache2/httpd_ACSServer.conf”
web:definedWebApps:_array_index:0:requiredModuleNames:_array_index:0 = “mod_rewrite.so”
web:definedWebApps:_array_index:0:startCommand = “”
web:definedWebApps:_array_index:0:sslPolicy = 1
web:definedWebApps:_array_index:0:requiresSSL = no
web:definedWebApps:_array_index:0:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:0:launchKeys:_array_index:0 = “com.apple.AccountsConfigService”
web:definedWebApps:_array_index:0:proxies:/AccountsConfigService/api/:path = “/AccountsConfigService/api/”
web:definedWebApps:_array_index:0:proxies:/AccountsConfigService/api/:urls:_array_index:0 = “http://localhost:31415/AccountsConfigService/api”
web:definedWebApps:_array_index:0:preflightCommand = “”
web:definedWebApps:_array_index:0:stopCommand = “”
web:definedWebApps:_array_index:0:name = “com.apple.webapp.ACSServer”
web:definedWebApps:_array_index:0:displayName = “”
web:definedWebApps:_array_index:1:requiredWebAppNames:_array_index:0 = “com.apple.webapp.collabd”
web:definedWebApps:_array_index:1:includeFiles:_array_index:0 = “/Library/Server/Web/Config/apache2/httpd_corecollaboration_webauth.conf”
web:definedWebApps:_array_index:1:requiredModuleNames:_array_index:0 = “proxy_module”
web:definedWebApps:_array_index:1:requiredModuleNames:_array_index:1 = “headers_module”
web:definedWebApps:_array_index:1:startCommand = “”
web:definedWebApps:_array_index:1:sslPolicy = 4
web:definedWebApps:_array_index:1:requiresSSL = no
web:definedWebApps:_array_index:1:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:1:launchKeys = _empty_array
web:definedWebApps:_array_index:1:proxies:/auth:path = “/auth”
web:definedWebApps:_array_index:1:proxies:/auth:urls:_array_index:0 = “http://localhost:4444/auth”
web:definedWebApps:_array_index:1:preflightCommand = “”
web:definedWebApps:_array_index:1:stopCommand = “”
web:definedWebApps:_array_index:1:name = “com.apple.webapp.auth”
web:definedWebApps:_array_index:1:displayName = “”
web:definedWebApps:_array_index:2:requiredWebAppNames:_array_index:0 = “com.apple.webapp.auth”
web:definedWebApps:_array_index:2:includeFiles:_array_index:0 = “/Library/Server/Web/Config/apache2/httpd_corecollaboration_webcalssl.conf”
web:definedWebApps:_array_index:2:requiredModuleNames:_array_index:0 = “proxy_module”
web:definedWebApps:_array_index:2:requiredModuleNames:_array_index:1 = “headers_module”
web:definedWebApps:_array_index:2:startCommand = “”
web:definedWebApps:_array_index:2:sslPolicy = 1
web:definedWebApps:_array_index:2:requiresSSL = no
web:definedWebApps:_array_index:2:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:2:launchKeys = _empty_array
web:definedWebApps:_array_index:2:proxies = _empty_dictionary
web:definedWebApps:_array_index:2:preflightCommand = “”
web:definedWebApps:_array_index:2:stopCommand = “”
web:definedWebApps:_array_index:2:name = “com.apple.webapp.calendar”
web:definedWebApps:_array_index:2:displayName = “”
web:definedWebApps:_array_index:3:requiredWebAppNames:_array_index:0 = “com.apple.webapp.auth”
web:definedWebApps:_array_index:3:includeFiles:_array_index:0 = “/Library/Server/Web/Config/apache2/httpd_corecollaboration_changepassword.conf”
web:definedWebApps:_array_index:3:requiredModuleNames:_array_index:0 = “proxy_module”
web:definedWebApps:_array_index:3:requiredModuleNames:_array_index:1 = “headers_module”
web:definedWebApps:_array_index:3:startCommand = “”
web:definedWebApps:_array_index:3:sslPolicy = 4
web:definedWebApps:_array_index:3:requiresSSL = no
web:definedWebApps:_array_index:3:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:3:launchKeys = _empty_array
web:definedWebApps:_array_index:3:proxies:/changepassword:path = “/changepassword”
web:definedWebApps:_array_index:3:proxies:/changepassword:urls:_array_index:0 = “http://localhost:4444/changepassword”
web:definedWebApps:_array_index:3:preflightCommand = “”
web:definedWebApps:_array_index:3:stopCommand = “”
web:definedWebApps:_array_index:3:name = “com.apple.webapp.changepassword”
web:definedWebApps:_array_index:3:displayName = “”
web:definedWebApps:_array_index:4:requiredWebAppNames = _empty_array
web:definedWebApps:_array_index:4:includeFiles:_array_index:0 = “/Library/Server/Web/Config/apache2/httpd_corecollaboration_shared.conf”
web:definedWebApps:_array_index:4:requiredModuleNames:_array_index:0 = “proxy_module”
web:definedWebApps:_array_index:4:requiredModuleNames:_array_index:1 = “xsendfile_module”
web:definedWebApps:_array_index:4:requiredModuleNames:_array_index:2 = “headers_module”
web:definedWebApps:_array_index:4:requiredModuleNames:_array_index:3 = “expires_module”
web:definedWebApps:_array_index:4:requiredModuleNames:_array_index:4 = “deflate_module”
web:definedWebApps:_array_index:4:startCommand = “”
web:definedWebApps:_array_index:4:sslPolicy = 0
web:definedWebApps:_array_index:4:requiresSSL = no
web:definedWebApps:_array_index:4:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:4:launchKeys:_array_index:0 = “com.apple.collabd.expire”
web:definedWebApps:_array_index:4:launchKeys:_array_index:1 = “com.apple.collabd.notifications”
web:definedWebApps:_array_index:4:proxies:/collabdproxy:path = “/collabdproxy”
web:definedWebApps:_array_index:4:proxies:/collabdproxy:urls:_array_index:0 = “http://localhost:4444/svc”
web:definedWebApps:_array_index:4:proxies:/__collabd/streams/activity:path = “/__collabd/streams/activity”
web:definedWebApps:_array_index:4:proxies:/__collabd/streams/activity:urls:_array_index:0 = “http://localhost:4444/streams/activity”
web:definedWebApps:_array_index:4:preflightCommand = “”
web:definedWebApps:_array_index:4:stopCommand = “”
web:definedWebApps:_array_index:4:name = “com.apple.webapp.collabd”
web:definedWebApps:_array_index:4:displayName = “”
web:definedWebApps:_array_index:5:requiredWebAppNames:_array_index:0 = “com.apple.webapp.auth”
web:definedWebApps:_array_index:5:includeFiles = _empty_array
web:definedWebApps:_array_index:5:requiredModuleNames = _empty_array
web:definedWebApps:_array_index:5:startCommand = “”
web:definedWebApps:_array_index:5:sslPolicy = 0
web:definedWebApps:_array_index:5:requiresSSL = no
web:definedWebApps:_array_index:5:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:5:launchKeys:_array_index:0 = “com.apple.DeviceManagement.dmrunnerd”
web:definedWebApps:_array_index:5:launchKeys:_array_index:1 = “com.apple.DeviceManagement.php-fpm”
web:definedWebApps:_array_index:5:proxies = _empty_dictionary
web:definedWebApps:_array_index:5:preflightCommand = “”
web:definedWebApps:_array_index:5:stopCommand = “”
web:definedWebApps:_array_index:5:name = “com.apple.webapp.devicemgr”
web:definedWebApps:_array_index:5:displayName = “”
web:definedWebApps:_array_index:6:requiredWebAppNames = _empty_array
web:definedWebApps:_array_index:6:includeFiles = _empty_array
web:definedWebApps:_array_index:6:requiredModuleNames:_array_index:0 = “php5_module”
web:definedWebApps:_array_index:6:startCommand = “”
web:definedWebApps:_array_index:6:sslPolicy = 0
web:definedWebApps:_array_index:6:requiresSSL = no
web:definedWebApps:_array_index:6:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:6:launchKeys = _empty_array
web:definedWebApps:_array_index:6:proxies = _empty_dictionary
web:definedWebApps:_array_index:6:preflightCommand = “”
web:definedWebApps:_array_index:6:stopCommand = “”
web:definedWebApps:_array_index:6:name = “com.apple.webapp.php”
web:definedWebApps:_array_index:6:displayName = “”
web:definedWebApps:_array_index:7:requiredWebAppNames = _empty_array
web:definedWebApps:_array_index:7:includeFiles:_array_index:0 = “/Library/Server/Web/Config/apache2/httpd_webdavsharing.conf”
web:definedWebApps:_array_index:7:requiredModuleNames:_array_index:0 = “rewrite_module”
web:definedWebApps:_array_index:7:requiredModuleNames:_array_index:1 = “bonjour_module”
web:definedWebApps:_array_index:7:startCommand = “”
web:definedWebApps:_array_index:7:sslPolicy = 0
web:definedWebApps:_array_index:7:requiresSSL = no
web:definedWebApps:_array_index:7:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:7:launchKeys = _empty_array
web:definedWebApps:_array_index:7:proxies = _empty_dictionary
web:definedWebApps:_array_index:7:preflightCommand = “”
web:definedWebApps:_array_index:7:stopCommand = “”
web:definedWebApps:_array_index:7:name = “com.apple.webapp.webdavsharing”
web:definedWebApps:_array_index:7:displayName = “”
web:definedWebApps:_array_index:8:requiredWebAppNames:_array_index:0 = “com.apple.webapp.collabd”
web:definedWebApps:_array_index:8:requiredWebAppNames:_array_index:1 = “com.apple.webapp.auth”
web:definedWebApps:_array_index:8:includeFiles:_array_index:0 = “/Library/Server/Web/Config/apache2/httpd_corecollaboration_wiki.conf”
web:definedWebApps:_array_index:8:requiredModuleNames:_array_index:0 = “proxy_module”
web:definedWebApps:_array_index:8:requiredModuleNames:_array_index:1 = “headers_module”
web:definedWebApps:_array_index:8:startCommand = “”
web:definedWebApps:_array_index:8:sslPolicy = 0
web:definedWebApps:_array_index:8:requiresSSL = no
web:definedWebApps:_array_index:8:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:8:launchKeys:_array_index:0 = “com.apple.collabd.preview”
web:definedWebApps:_array_index:8:launchKeys:_array_index:1 = “com.apple.collabd.quicklook”
web:definedWebApps:_array_index:8:proxies:/__collabd/preview:path = “/__collabd/preview”
web:definedWebApps:_array_index:8:proxies:/__collabd/preview:urls:_array_index:0 = “http://localhost:4444/preview”
web:definedWebApps:_array_index:8:proxies:/wiki/files/upload:path = “/wiki/files/upload”
web:definedWebApps:_array_index:8:proxies:/wiki/files/upload:urls:_array_index:0 = “http://localhost:4444/upload_file”
web:definedWebApps:_array_index:8:proxies:/wiki/files/download:path = “/wiki/files/download”
web:definedWebApps:_array_index:8:proxies:/wiki/files/download:urls:_array_index:0 = “http://localhost:4444/files”
web:definedWebApps:_array_index:8:proxies:/wiki/ipad:path = “/wiki/ipad”
web:definedWebApps:_array_index:8:proxies:/wiki/ipad:urls = _empty_array
web:definedWebApps:_array_index:8:proxies:/wiki:path = “/wiki”
web:definedWebApps:_array_index:8:proxies:/wiki:urls:_array_index:0 = “http://localhost:4444/app-context/wiki”
web:definedWebApps:_array_index:8:preflightCommand = “”
web:definedWebApps:_array_index:8:stopCommand = “”
web:definedWebApps:_array_index:8:name = “com.apple.webapp.wiki”
web:definedWebApps:_array_index:8:displayName = “”
web:definedWebApps:_array_index:9:requiredWebAppNames = _empty_array
web:definedWebApps:_array_index:9:includeFiles:_array_index:0 = “/Library/Server/Web/Config/apache2/httpd_wsgi.conf”
web:definedWebApps:_array_index:9:requiredModuleNames:_array_index:0 = “wsgi_module”
web:definedWebApps:_array_index:9:startCommand = “”
web:definedWebApps:_array_index:9:sslPolicy = 0
web:definedWebApps:_array_index:9:requiresSSL = no
web:definedWebApps:_array_index:9:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:9:launchKeys = _empty_array
web:definedWebApps:_array_index:9:proxies = _empty_dictionary
web:definedWebApps:_array_index:9:preflightCommand = “”
web:definedWebApps:_array_index:9:stopCommand = “”
web:definedWebApps:_array_index:9:name = “com.apple.webapp.wsgi”
web:definedWebApps:_array_index:9:displayName = “Python &quot;Hello World&quot; app at /wsgi”
web:definedWebApps:_array_index:10:requiredWebAppNames = _empty_array
web:definedWebApps:_array_index:10:includeFiles:_array_index:0 = “/Library/Developer/XcodeServer/CurrentXcodeSymlink/Contents/Developer/usr/share/xcs/httpd_xcs.conf”
web:definedWebApps:_array_index:10:requiredModuleNames = _empty_array
web:definedWebApps:_array_index:10:startCommand = “”
web:definedWebApps:_array_index:10:sslPolicy = 4
web:definedWebApps:_array_index:10:requiresSSL = no
web:definedWebApps:_array_index:10:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:10:launchKeys = _empty_array
web:definedWebApps:_array_index:10:proxies = _empty_dictionary
web:definedWebApps:_array_index:10:preflightCommand = “”
web:definedWebApps:_array_index:10:stopCommand = “”
web:definedWebApps:_array_index:10:name = “com.apple.webapp.xcode”
web:definedWebApps:_array_index:10:displayName = “”
web:definedWebApps:_array_index:11:requiredWebAppNames:_array_index:0 = “com.example.webapp.myotherwebapp”
web:definedWebApps:_array_index:11:includeFiles:_array_index:0 = “/Library/Server/Web/Config/apache2/httpd_myinclude.conf”
web:definedWebApps:_array_index:11:requiredModuleNames:_array_index:0 = “mystuff_module”
web:definedWebApps:_array_index:11:startCommand = “/usr/local/bin/startmywebapp”
web:definedWebApps:_array_index:11:sslPolicy = 0
web:definedWebApps:_array_index:11:requiresSSL = no
web:definedWebApps:_array_index:11:requiredByWebAppNames = _empty_array
web:definedWebApps:_array_index:11:launchKeys:_array_index:0 = “com.example.mywebapp”
web:definedWebApps:_array_index:11:proxies:/mywebapp:path = “/mywebapp”
web:definedWebApps:_array_index:11:proxies:/mywebapp:urls:_array_index:0 = “http://localhost:3000”
web:definedWebApps:_array_index:11:proxies:/mywebapp:urls:_array_index:1 = “http://localhost:3001”
web:definedWebApps:_array_index:11:preflightCommand = “/usr/local/bin/preflightmywebapp”
web:definedWebApps:_array_index:11:stopCommand = “/usr/local/bin/stopmywebapp”
web:definedWebApps:_array_index:11:name = “com.example.mywebapp”
web:definedWebApps:_array_index:11:displayName = “MyWebApp”
The final section defines the settings used for the default sites as well as a couple of host based settings:
web:defaultSecureSite:documentRoot = “/Library/Server/Web/Data/Sites/Default”
web:defaultSecureSite:serverName = “”
web:defaultSecureSite:realms = _empty_dictionary
web:defaultSecureSite:redirects = _empty_array
web:defaultSecureSite:enableServerSideIncludes = no
web:defaultSecureSite:networkAccesses = _empty_array
web:defaultSecureSite:customLogPath = “&quot;/var/log/apache2/access_log&quot;”
web:defaultSecureSite:webApps = _empty_array
web:defaultSecureSite:sslCertificateIdentifier = “odr.krypted.com.32A9706448BDB45B120A91470FA866A5C61BD342”
web:defaultSecureSite:fullSiteRedirectToOtherSite = “”
web:defaultSecureSite:allowFolderListing = no
web:defaultSecureSite:serverAliases = _empty_array
web:defaultSecureSite:errorLogPath = “&quot;/var/log/apache2/error_log&quot;”
web:defaultSecureSite:fileName = “/Library/Server/Web/Config/apache2/sites/0000_127.0.0.1_34543_.conf”
web:defaultSecureSite:aliases = _empty_array
web:defaultSecureSite:directoryIndexes:_array_index:0 = “index.html”
web:defaultSecureSite:directoryIndexes:_array_index:1 = “index.php”
web:defaultSecureSite:directoryIndexes:_array_index:2 = “default.html”
web:defaultSecureSite:allowAllOverrides = no
web:defaultSecureSite:identifier = “67127004”
web:defaultSecureSite:port = 34543
web:defaultSecureSite:allowCGIExecution = no
web:defaultSecureSite:serverAddress = “127.0.0.1”
web:defaultSecureSite:requiresSSL = yes
web:defaultSecureSite:proxies = _empty_dictionary
web:defaultSecureSite:errorDocuments = _empty_dictionary
web:mainHost:keepAliveTimeout = 15.000000
web:mainHost:maxClients = “256”
Each site has its own configuration file defined in the array for each section. By default these are stored in the /Library/Server/Web/Config/apache2/sites directory, with /Library/Server/Web/Config/apache2/sites/0000_any_80_blog.krypted.com.conf being the file for the custom site we created previously. As you can see, many of the options available in the Server app are also available in these files:
ServerName www2.krypted.com ServerAdmin admin@example.com DocumentRoot "/Library/Server/Web/Data/Sites/blog.krypted.com" DirectoryIndex index.html index.php /wiki/ default.html CustomLog /var/log/apache2/access_log combinedvhost ErrorLog /var/log/apache2/error_log
SSLEngine Off
SSLCipherSuite “ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM”
SSLProtocol -ALL +SSLv3 +TLSv1
SSLProxyEngine On
SSLProxyProtocol -ALL +SSLv3 +TLSv1
Options All -Indexes -ExecCGI -Includes +MultiViews
AllowOverride None
DAV Off
Deny from all
ErrorDocument 403 /customerror/websitesoff403.html
The serveradmin command can also be used to run commands. For example, to reset the service to factory defaults, delete the configuration files for each site and then run the following command:

sudo serveradmin command web:command=restoreFactorySettings

The final tip I’m going to give in this article is when to make changes with each app. I strongly recommend making all of your changes in the Server app when possible. When it isn’t, use serveradmin and when you can’t make changes in serveradmin, only then alter the configuration files that come with the operating system by default. For example, in this article I look at overriding some ports for some virtual sites that might conflict with other sites on your systems. I also recommend keeping backups of all configuration files that are altered and a log of what was altered in each, in order to help piece the server back together should it become unconfigured miraculously when a softwareupdate -all is run next.

September 27th, 2017

Posted In: Mac OS X Server

Tags: , , , , , , , , , ,

macOS Server 5.4 (for High Sierra)  comes with the /usr/sbin/serverinfo command (which was originally introduced in Mountain Lion Server). The serverinfo command is useful when programmatically obtaining information about the very basic state of an Apple Server. The first option indicates whether the Server app has been downloaded from the app store, which is the –software option:

serverinfo --software

When used, this option reports the following if the Server.app can be found:
This system has server software installed.
Or if the software cannot be found, the following is indicated:
This system does NOT have server software installed.
The –productname option determines the name of the software app: serverinfo --productname If you change the name of the app from Server then the server info command won’t work any longer, so the output should always be the following: Server The –shortversion command returns the version of the Server app being used:

serverinfo --shortversion

The output will not indicate a build number, but instead the version of the app on the computer the command is run on:
5.4
To see the build number (which should iterate with each update to the Server app from the Mac App Store, use the –buildversion option:

serverinfo --buildversion

The output shows the build of server, which doesn’t necessarily match the macOS build number:
17S1180a
Just because the Server app has been downloaded doesn’t mean the Server setup assistant has been run. To see if it has, use the –configured option:

serverinfo --configured

The output indicates whether the system is running as a server or just has the app installed (e.g. if you’re using it to connect to another server:
This system has server software configured.
You can also output all of the information into a single, easy to script against property list using the –plist option:

serverinfo --plist

The output is a list of each of the other options used: <?xml version=”1.0″ encoding=”UTF-8″?> <!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”> <plist version=”1.0″> <dict> <key>IsOSXServerVolume</key> <true/> <key>IsOSXServerVolumeConfigured</key> <true/> <key>IsServerHardware</key> <false/> <key>LocalizedServerProductName</key> <string>Server</string> <key>MinimumServerVersionAllowed</key> <string>5.3.55</string> <key>ServerBuildVersion</key> <string>17S1180a</string> <key>ServerPerformanceModeEnabled</key> <false/> <key>ServerVersion</key> <string>5.3</string> </dict> </plist>

The Server Root can reside in a number of places. To see the path (useful when scripting commands that are relative to the ServerRoot:

serverinfo –prefix

By default, the output is as follows, which is basically like a dirname of the ServerRoot:
/Applications/Server.app/Contents/ServerRoot
You can also see whether the system is running on actual hardware desgnated by Apple for servers using the –hardware option:

serverinfo --hardware

The output simply indicates if the hardware shipped with OS X Server on it from Apple:
This system is NOT running on server hardware.
The –perfmode option indicates whether or not the performance mode has been enabled, dedicating resources to binaries within the Server app:

serverinfo --perfmode

If the performance mode has not been enabled then the output will be as such:
Server performance mode is NOT enabled.
Note: Performance mode doesn’t seem to be support any longer, as none of the options will actually enable the service.

September 27th, 2017

Posted In: Mac OS X Server

Tags: , , , , , , ,

Next Page »